9.
How it was in the old days
• Old school telco gear: analog phones, analog infrastructure
• Legacy (formerly hot, now old and crufty) digital telco gear
• Voice was really data (since 1957)
• Proprietary protocols
• Closed networks (operated by closed minds)
• Security by obscurity
• Hub-and-spoke technology with central control
9

10.
The way things are now
• Voice IS data
• The telephone network IS the Internet
• The streams have been crossed: voice in data, data in phone calls
• The tools have merged: computers are phones and phones are
computers
• Phone hackers and computer hackers are the same thing
10

17.
An attacker’s view of a phone system: As a vector
— A vector: a path to attack something else
— Part of the enterprise network infrastructure
— Part of the public network infrastructure
— Target is interconnected so all nodes have value
16

38.
Defending VoIP: Maintenance
— All equipment should be maintained just like network gear.
— Ask for “windows update” for phones.
— Maintenance processes are now a superset of (voice, data)
processes.
— Processes should reflect that voice is part of your data network.
35

46.
Convergence: Definition
— Wireless everywhere
— 802.11 and GSM are just two kinds of radios.
— All phones are mobile phones.
— Phones are thick clients with rich services.
— Some vendor is going to talk you into doing a forklift upgrade.
43